;/*
- * "$Id: auth.c 5043 2006-02-01 18:55:16Z mike $"
+ * "$Id: auth.c 5083 2006-02-06 02:57:43Z mike $"
*
* Authorization routines for the Common UNIX Printing System (CUPS).
*
* cupsdIsAuthorized() - Check to see if the user is authorized...
* add_allow() - Add an allow mask to the location.
* add_deny() - Add a deny mask to the location.
+ * compare_locations() - Compare two locations.
* cups_crypt() - Encrypt the password using the DES or MD5
* algorithms, as needed.
* pam_func() - PAM conversation function.
#ifdef HAVE_USERSEC_H
# include <usersec.h>
#endif /* HAVE_USERSEC_H */
+#ifdef HAVE_MEMBERSHIP_H
+# include <membership.h>
+#endif /* HAVE_MEMBERSHIP_H */
/*
static cupsd_authmask_t *add_allow(cupsd_location_t *loc);
static cupsd_authmask_t *add_deny(cupsd_location_t *loc);
+static int compare_locations(cupsd_location_t *a,
+ cupsd_location_t *b);
#if !HAVE_LIBPAM
static char *cups_crypt(const char *pw, const char *salt);
#endif /* !HAVE_LIBPAM */
/*
- * Try to allocate memory for the new location.
+ * Make sure the locations array is created...
*/
- if (NumLocations == 0)
- temp = malloc(sizeof(cupsd_location_t));
- else
- temp = realloc(Locations, sizeof(cupsd_location_t) * (NumLocations + 1));
+ if (!Locations)
+ Locations = cupsArrayNew((cups_array_func_t)compare_locations, NULL);
- if (temp == NULL)
+ if (!Locations)
return (NULL);
- Locations = temp;
- temp += NumLocations;
- NumLocations ++;
+ /*
+ * Try to allocate memory for the new location.
+ */
+
+ if ((temp = calloc(1, sizeof(cupsd_location_t))) == NULL)
+ return (NULL);
/*
* Initialize the record and copy the name over...
*/
- memset(temp, 0, sizeof(cupsd_location_t));
- strlcpy(temp->location, location, sizeof(temp->location));
- temp->length = strlen(temp->location);
+ temp->location = strdup(location);
+ temp->length = strlen(temp->location);
- cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdAddLocation: added location \'%s\'",
+ cupsArrayAdd(Locations, temp);
+
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddLocation: added location \'%s\'",
location);
/*
if ((temp = add_allow(loc)) == NULL)
return;
- if (strcasecmp(name, "@LOCAL") == 0)
+ if (!strcasecmp(name, "@LOCAL"))
{
/*
* Allow *interface*...
temp->mask.name.name = strdup("*");
temp->mask.name.length = 1;
}
- else if (strncasecmp(name, "@IF(", 4) == 0)
+ else if (!strncasecmp(name, "@IF(", 4))
{
/*
* Allow *interface*...
if (name_len >= masks->mask.name.length &&
masks->mask.name.name[0] == '.' &&
- strcasecmp(name + name_len - masks->mask.name.length,
- masks->mask.name.name) == 0)
+ !strcasecmp(name + name_len - masks->mask.name.length,
+ masks->mask.name.name))
return (1);
break;
int i; /* Looping var */
struct group *group; /* System group info */
char junk[33]; /* MD5 password (not used) */
+#ifdef HAVE_MBR_UID_TO_UUID
+ uuid_t useruuid, /* UUID for username */
+ groupuuid; /* UUID for groupname */
+ int is_member; /* True if user is a member of group */
+#endif /* HAVE_MBR_UID_TO_UUID */
cupsdLogMessage(CUPSD_LOG_DEBUG2,
if (user && group && group->gr_gid == user->pw_gid)
return (1);
+#ifdef HAVE_MBR_UID_TO_UUID
+ /*
+ * Check group membership through MacOS X membership API...
+ */
+
+ if (user && group)
+ if (!mbr_uid_to_uuid(user->pw_uid, useruuid))
+ if (!mbr_gid_to_uuid(group->gr_gid, groupuuid))
+ if (!mbr_check_membership(useruuid, groupuuid, &is_member))
+ if (is_member)
+ return (1);
+#endif /* HAVE_MBR_UID_TO_UUID */
+
/*
* Username not found, group not found, or user is not part of the
* system group... Check for a user and group in the MD5 password
cupsd_location_t **loc) /* IO - Original location */
{
int i; /* Looping var */
- int locindex; /* Index into Locations array */
cupsd_location_t *temp; /* New location */
char location[HTTP_MAX_URI];
/* Location of resource */
- /*
- * Add the new location, updating the original location
- * pointer as needed...
- */
-
- locindex = *loc - Locations;
-
/*
* Use a local copy of location because cupsdAddLocation may cause
* this memory to be moved...
if ((temp = cupsdAddLocation(location)) == NULL)
return (NULL);
- *loc = Locations + locindex;
-
/*
* Copy the information from the original location to the new one.
*/
cupsdLogMessage(CUPSD_LOG_ERROR,
"cupsdCopyLocation: Unable to allocate memory for %d names: %s",
temp->num_names, strerror(errno));
- NumLocations --;
+
+ cupsdDeleteLocation(temp);
return (NULL);
}
"cupsdCopyLocation: Unable to copy name \"%s\": %s",
(*loc)->names[i], strerror(errno));
- NumLocations --;
+ cupsdDeleteLocation(temp);
return (NULL);
}
}
cupsdLogMessage(CUPSD_LOG_ERROR,
"cupsdCopyLocation: Unable to allocate memory for %d allow rules: %s",
temp->num_allow, strerror(errno));
- NumLocations --;
+ cupsdDeleteLocation(temp);
return (NULL);
}
cupsdLogMessage(CUPSD_LOG_ERROR,
"cupsdCopyLocation: Unable to copy allow name \"%s\": %s",
(*loc)->allow[i].mask.name.name, strerror(errno));
- NumLocations --;
+ cupsdDeleteLocation(temp);
return (NULL);
}
break;
cupsdLogMessage(CUPSD_LOG_ERROR,
"cupsdCopyLocation: Unable to allocate memory for %d deny rules: %s",
temp->num_deny, strerror(errno));
- NumLocations --;
+ cupsdDeleteLocation(temp);
return (NULL);
}
cupsdLogMessage(CUPSD_LOG_ERROR,
"cupsdCopyLocation: Unable to copy deny name \"%s\": %s",
(*loc)->deny[i].mask.name.name, strerror(errno));
- NumLocations --;
+ cupsdDeleteLocation(temp);
return (NULL);
}
break;
void
cupsdDeleteAllLocations(void)
{
- int i; /* Looping var */
cupsd_location_t *loc; /* Current location */
* Free all of the allow/deny records first...
*/
- for (i = NumLocations, loc = Locations; i > 0; i --, loc ++)
+ for (loc = (cupsd_location_t *)cupsArrayFirst(Locations);
+ loc;
+ loc = (cupsd_location_t *)cupsArrayNext(Locations))
cupsdDeleteLocation(loc);
/*
* Then free the location array...
*/
- if (NumLocations > 0)
- free(Locations);
-
- Locations = NULL;
- NumLocations = 0;
+ cupsArrayDelete(Locations);
+ Locations = NULL;
}
cupsd_authmask_t *mask; /* Current mask */
+ cupsArrayRemove(Locations, loc);
+
for (i = loc->num_names - 1; i >= 0; i --)
free(loc->names[i]);
if (loc->num_deny > 0)
free(loc->deny);
+
+ free(loc->location);
+ free(loc);
}
if ((temp = add_deny(loc)) == NULL)
return;
- if (strcasecmp(name, "@LOCAL") == 0)
+ if (!strcasecmp(name, "@LOCAL"))
{
/*
* Deny *interface*...
temp->mask.name.name = strdup("*");
temp->mask.name.length = 1;
}
- else if (strncasecmp(name, "@IF(", 4) == 0)
+ else if (!strncasecmp(name, "@IF(", 4))
{
/*
* Deny *interface*...
cupsdFindBest(const char *path, /* I - Resource path */
http_state_t state) /* I - HTTP state/request */
{
- int i; /* Looping var */
char uri[HTTP_MAX_URI],
/* URI in request... */
*uriptr; /* Pointer into URI */
best = NULL;
bestlen = 0;
- for (i = NumLocations, loc = Locations; i > 0; i --, loc ++)
+ for (loc = (cupsd_location_t *)cupsArrayFirst(Locations);
+ loc;
+ loc = (cupsd_location_t *)cupsArrayNext(Locations))
{
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindBest: Location %s Limit %x",
loc->location, loc->limit);
*/
if (loc->length > bestlen &&
- strncasecmp(uri, loc->location, loc->length) == 0 &&
+ !strncasecmp(uri, loc->location, loc->length) &&
loc->location[0] == '/' &&
(limit & loc->limit) != 0)
{
cupsd_location_t * /* O - Location that matches */
cupsdFindLocation(const char *location) /* I - Connection */
{
- int i; /* Looping var */
+ cupsd_location_t key; /* Search key */
- /*
- * Loop through the list of locations to find a match...
- */
+ key.location = (char *)location;
- for (i = 0; i < NumLocations; i ++)
- if (!strcasecmp(Locations[i].location, location))
- return (Locations + i);
-
- return (NULL);
+ return ((cupsd_location_t *)cupsArrayFind(Locations, &key));
}
continue;
}
- if (strcmp(username, tempuser) == 0 &&
- (group == NULL || strcmp(group, tempgroup) == 0))
+ if (!strcmp(username, tempuser) &&
+ (group == NULL || !strcmp(group, tempgroup)))
{
/*
* Found the password entry!
best = con->best;
cupsdLogMessage(CUPSD_LOG_DEBUG2,
- "cupsdIsAuthorized: level=AUTH_%s, type=AUTH_%s, satisfy=AUTH_SATISFY_%s, num_names=%d",
+ "cupsdIsAuthorized: level=AUTH_%s, type=AUTH_%s, "
+ "satisfy=AUTH_SATISFY_%s, num_names=%d",
levels[best->level], types[best->type],
best->satisfy ? "ANY" : "ALL", best->num_names);
* See if encryption is required...
*/
- if (best->encryption >= HTTP_ENCRYPT_REQUIRED && !con->http.tls)
+ if (best->encryption >= HTTP_ENCRYPT_REQUIRED && !con->http.tls &&
+ best->satisfy == AUTH_SATISFY_ALL)
{
cupsdLogMessage(CUPSD_LOG_DEBUG2,
"cupsdIsAuthorized: Need upgrade to TLS...");
}
+/*
+ * 'compare_locations()' - Compare two locations.
+ */
+
+static int /* O - Result of comparison */
+compare_locations(cupsd_location_t *a, /* I - First location */
+ cupsd_location_t *b) /* I - Second location */
+{
+ return (strcmp(b->location, a->location));
+}
+
+
#if !HAVE_LIBPAM
/*
* 'cups_crypt()' - Encrypt the password using the DES or MD5 algorithms,
cups_crypt(const char *pw, /* I - Password string */
const char *salt) /* I - Salt (key) string */
{
- if (strncmp(salt, "$1$", 3) == 0)
+ if (!strncmp(salt, "$1$", 3))
{
/*
* Use MD5 passwords without the benefit of PAM; this is for
/*
- * End of "$Id: auth.c 5043 2006-02-01 18:55:16Z mike $".
+ * End of "$Id: auth.c 5083 2006-02-06 02:57:43Z mike $".
*/
projects / thirdparty / cups.git / blobdiff